CN115632776B - Secret key burning method and device, electronic equipment and readable storage medium - Google Patents

Secret key burning method and device, electronic equipment and readable storage medium Download PDF

Info

Publication number
CN115632776B
CN115632776B CN202211421455.1A CN202211421455A CN115632776B CN 115632776 B CN115632776 B CN 115632776B CN 202211421455 A CN202211421455 A CN 202211421455A CN 115632776 B CN115632776 B CN 115632776B
Authority
CN
China
Prior art keywords
machine code
target
key value
positioning mark
machine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211421455.1A
Other languages
Chinese (zh)
Other versions
CN115632776A (en
Inventor
赵东艳
李德建
王喆
王慧
胡文彬
吴甜甜
赵晓龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee
Beijing Smartchip Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Smartchip Microelectronics Technology Co Ltd filed Critical Beijing Smartchip Microelectronics Technology Co Ltd
Priority to CN202211421455.1A priority Critical patent/CN115632776B/en
Publication of CN115632776A publication Critical patent/CN115632776A/en
Application granted granted Critical
Publication of CN115632776B publication Critical patent/CN115632776B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure relates to the technical field of key secure storage, and in particular to a key burning method, a key burning device, an electronic device and a readable storage medium, wherein the key burning comprises the following steps: acquiring a first machine code embedded with a preset key value; analyzing the first machine code to obtain a plurality of data transmission instructions; replacing at least part of preset key values in each data transmission instruction in the plurality of data transmission instructions with key values at corresponding positions in target key values to obtain a second machine code; burning the second machine code to an executable only memory. According to the scheme, on the premise of not compiling a program source code, the embedded preset secret key value in the binary machine code can be directly replaced by the target secret key value of different equipment, namely, the requirement of one secret key is met in a mode of directly modifying binary data of only executable memory firmware, so that the leakage risk of the program source code is reduced, and the safety of secret key burning is improved.

Description

Secret key burning method and device, electronic equipment and readable storage medium
Technical Field
The disclosure relates to the technical field of key secure storage, and in particular to a key burning method, a key burning device, electronic equipment and a readable storage medium.
Background
With the development of communication technology, users can use computers to perform data transmission with other devices, servers and the like. In order to prevent the data content from leaking, the data to be transmitted needs to be encrypted by using a key, so that the encrypted data is used for data transmission. In the data transmission process, even if an attacker can obtain complete data, as long as the attacker does not have the secret key, the ciphertext cannot be decrypted, and therefore, the safe storage of the secret key is particularly important.
In the related art, a compiler is generally used to compile a program source code including a key value into a binary machine code, so as to embed the key value in the source code into the binary machine code generated by the compilation.
However, when the key value is burned in mass production by using the above scheme of embedding the key value, usually only compiled program firmware can be used, and for different key requirements of each device, a worker needs to compile the program source code of each device in the field to obtain the program firmware and burn the program firmware into the corresponding device, and usually, the worker has a risk of recompiling the program source code, which results in a high possibility of program source code leakage.
Disclosure of Invention
In order to solve the problems in the related art, embodiments of the present disclosure provide a key burning method, a key burning device, an electronic device, and a readable storage medium.
In a first aspect, a method for burning a key is provided in the embodiments of the present disclosure.
Specifically, the key burning method includes:
acquiring a first machine code embedded with a preset key value;
analyzing the first machine code to obtain a plurality of data transmission instructions, wherein each data transmission instruction in the plurality of data transmission instructions comprises at least part of preset key values in the preset key values;
replacing at least part of preset key values in each data transmission instruction in the plurality of data transmission instructions with key values at corresponding positions in target key values to obtain a second machine code;
burning the second machine code to an executable only memory.
In an implementation manner of the embodiment of the present disclosure, the first machine code includes a first positioning mark and a second positioning mark, where the first positioning mark is used to indicate a first data transmission instruction including a preset key value in the first machine code, and the second positioning mark is used to indicate an end position of a last data transmission instruction including the preset key value in the first machine code.
In an implementation manner of the embodiment of the present disclosure, the analyzing the first machine code to obtain multiple data transmission instructions includes:
acquiring a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code;
analyzing a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code one by one to obtain a plurality of data analysis instructions;
and determining the data analysis instructions which comprise at least part of preset key values in the data analysis instructions as the data transmission instructions.
In an implementation manner of the embodiment of the present disclosure, after burning the second machine code to the executable-only memory, the method further includes:
executing the second machine code in the executable-only memory to obtain the target key value and writing the target key value to a buffer.
In an implementation manner of the embodiment of the present disclosure, the second machine code includes a third positioning mark and a fourth positioning mark, where the third positioning mark is used to indicate a start position of a first data transfer instruction including a target key value in the second machine code, and the fourth positioning mark is used to indicate an end position of a last data transfer instruction including the target key value in the second machine code.
In one implementation of the embodiment of the present disclosure, the first positioning mark, the second positioning mark, the third positioning mark, and the fourth positioning mark are respectively useless instructions that do not generate any side effect.
In one implementation manner of the embodiment of the present disclosure, the second machine code includes a third positioning mark and a fourth positioning mark;
said executing said second machine code in said executable-only memory to obtain said target key value and writing said target key value to a buffer, comprising:
acquiring a plurality of target machine codes positioned between the third positioning mark and the fourth positioning mark in the second machine code;
sequentially executing each target machine code in the plurality of target machine codes to obtain a target key value in a data transmission instruction of each target machine code;
and sequentially writing the target key value in the data transmission instruction of each target machine code into the buffer area.
In an implementation manner of the embodiment of the present disclosure, the second machine code further includes a plurality of call instruction machine codes, one call instruction machine code corresponds to one target machine code of the plurality of target machine codes, and each call instruction machine code is a machine code of a call instruction for calling one target machine code.
In an implementation manner of the embodiment of the present disclosure, before executing each target machine code of the plurality of target machine codes in sequence to obtain a partial target key value in a data transfer instruction of each target machine code, the method further includes:
executing the ith calling instruction machine code in the calling instruction machine codes to judge the address validity of the calling instruction;
the sequentially executing each target machine code of the plurality of target machine codes to obtain a part of target key values in a data transmission instruction of each target machine code includes:
and under the condition that the address of the calling instruction is determined to be legal, executing an ith entry marker code in the target machine codes corresponding to the ith calling instruction machine code to acquire a target key value in a data transmission instruction of the ith target machine code.
In an implementation manner of the embodiment of the present disclosure, before writing the target key value into the buffer, the method further includes:
setting the buffer area in a memory, wherein the size of the buffer area is larger than or equal to the length of the target key value;
the writing the target key value to a buffer includes:
acquiring a first parameter and a second parameter, wherein the first parameter is used for indicating the initial position address of the buffer area, and the second parameter is used for indicating the size of the buffer area;
and correspondingly writing the target key value into the buffer area according to the first parameter and the second parameter.
In an implementation manner of the embodiment of the present disclosure, after writing the target key value into the buffer, the method further includes:
emptying all data in the buffer.
In one implementation manner of the embodiment of the present disclosure, after the executing the second machine code in the executable-only memory to obtain the target key value, the method further includes:
executing target operation according to the target key value;
wherein the performing a target operation comprises at least one of: distributed keys, encrypted data, decrypted data.
In a second aspect, an embodiment of the present disclosure provides a key burning apparatus.
Specifically, the key burning device includes:
a first obtaining module configured to obtain a first machine code embedded with a preset key value;
a second obtaining module, configured to analyze the first machine code to obtain a plurality of data transmission instructions, where each data transmission instruction in the plurality of data transmission instructions includes at least part of preset key values in the preset key values;
a replacing module configured to replace the at least part of the preset key values in each of the plurality of data transfer instructions with key values at corresponding positions in target key values to obtain a second machine code;
a first processing module configured to burn the second machine code to an executable-only memory.
In an implementation manner of the embodiment of the present disclosure, the first machine code includes a first positioning mark and a second positioning mark, where the first positioning mark is used to indicate a first data transmission instruction including a preset key value in the first machine code, and the second positioning mark is used to indicate an end position of a last data transmission instruction including the preset key value in the first machine code.
In an implementation manner of the embodiment of the present disclosure, the second obtaining module is configured to:
acquiring a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code;
analyzing a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code one by one to obtain a plurality of data analysis instructions;
and determining the data analysis instructions which comprise at least part of preset key values in the data analysis instructions as the data transmission instructions.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus further includes:
a first execution module configured to execute the second machine code in the executable-only memory to obtain the target key value;
a second processing module configured to write the target key value to a buffer.
In an implementation manner of the embodiment of the present disclosure, the second machine code includes a third positioning mark and a fourth positioning mark, where the third positioning mark is used to indicate a start position of a first data transfer instruction including a target key value in the second machine code, and the fourth positioning mark is used to indicate an end position of a last data transfer instruction including the target key value in the second machine code.
In one implementation of the embodiment of the present disclosure, the first positioning mark, the second positioning mark, the third positioning mark, and the fourth positioning mark are respectively useless instructions that do not generate any side effect.
In one implementation manner of the embodiment of the present disclosure, the second machine code includes a third positioning mark and a fourth positioning mark; the first execution module configured to:
acquiring a plurality of target machine codes positioned between the third positioning mark and the fourth positioning mark in the second machine code;
sequentially executing each target machine code in the plurality of target machine codes to obtain a target key value in a data transmission instruction of each target machine code;
the second processing module configured to: and sequentially writing the target key value in the data transmission instruction of each target machine code into the buffer area.
In an implementation manner of the embodiment of the present disclosure, the second machine code further includes a plurality of call instruction machine codes, one call instruction machine code corresponds to one target machine code of the plurality of target machine codes, and each call instruction machine code is a machine code of a call instruction for calling one target machine code.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus further includes:
the second execution module is configured to execute the ith calling instruction machine code in the calling instruction machine codes so as to judge the address validity of the calling instruction;
the first execution module configured to: and under the condition that the address of the calling instruction is determined to be legal, executing an ith entry marker code in the target machine codes corresponding to the ith calling instruction machine code to acquire a target key value in a data transmission instruction of the ith target machine code.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus further includes:
a third processing module configured to set the buffer in a memory, a size of the buffer being greater than or equal to a length of the target key value;
the second processing module is specifically configured to: acquiring a first parameter and a second parameter, wherein the first parameter is used for indicating the initial position address of the buffer area, and the second parameter is used for indicating the size of the buffer area;
and correspondingly writing the target key value into the buffer area according to the first parameter and the second parameter.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus further includes:
a fourth processing module configured to empty all data in the buffer.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus further includes:
a third execution module configured to execute a target operation according to the target key value;
wherein the performing the target operation comprises at least one of: distributed keys, encrypted data, decrypted data.
In a third aspect, the present disclosure provides an electronic device, including a memory and a processor, where the memory is configured to store one or more computer instructions, where the one or more computer instructions are executed by the processor to implement the method according to any one of the first aspect and the implementation manner of the first aspect.
In a fourth aspect, an embodiment of the present disclosure provides a computer-readable storage medium, on which computer instructions are stored, and when executed by a processor, the computer instructions implement the method according to any one of the first aspect and the implementation manner of the first aspect.
According to the technical scheme provided by the embodiment of the disclosure, a first machine code embedded with a preset key value can be obtained; analyzing the first machine code to obtain a plurality of data transmission instructions, wherein each data transmission instruction in the N data transmission instructions comprises at least part of preset key values in the preset key values; replacing a preset key value in each data transmission instruction in the plurality of data transmission instructions with a key value at a corresponding position in a target key value to obtain a second machine code; burning the second machine code to an executable only memory. Through the technical scheme, on the premise of not compiling a program source code, the embedded preset key value in the binary machine code can be directly replaced by the target key value of different equipment, namely, the requirement of one secret for one machine is met by directly modifying the binary data of only executable memory firmware, so that the leakage risk of the program source code is reduced, and the safety of key burning is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
Other features, objects, and advantages of the present disclosure will become more apparent from the following detailed description of non-limiting embodiments when taken in conjunction with the accompanying drawings. In the drawings.
Fig. 1 shows a flowchart of a key burning method according to an embodiment of the present disclosure.
Fig. 2 shows a schematic structural diagram of a data transfer instruction according to an embodiment of the present disclosure.
Fig. 3 shows a block diagram of a key burning apparatus according to an embodiment of the present disclosure.
Fig. 4 shows a block diagram of an electronic device according to an embodiment of the present disclosure.
FIG. 5 shows a schematic block diagram of a computer system suitable for use in implementing a method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, exemplary embodiments of the present disclosure will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement them. Also, for the sake of clarity, parts not relevant to the description of the exemplary embodiments are omitted in the drawings.
In the present disclosure, it is to be understood that terms such as "including" or "having," etc., are intended to indicate the presence of the disclosed features, numbers, steps, behaviors, components, parts, or combinations thereof, and are not intended to preclude the possibility that one or more other features, numbers, steps, behaviors, components, parts, or combinations thereof may be present or added.
It should be further noted that the embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
In the present disclosure, if an operation of acquiring user information or user data or an operation of presenting user information or user data to others is involved, the operations are all operations authorized, confirmed by a user, or actively selected by the user.
As mentioned above, as communication technology has developed, users can use computers to perform data transmission with other devices, servers, and the like. In order to prevent the data content from leaking, the data to be transmitted needs to be encrypted by using a key, so that the encrypted data is used for data transmission. In the data transmission process, even if an attacker can obtain complete data, as long as the attacker does not have a secret key, the ciphertext cannot be decrypted, and therefore, the safe storage of the secret key is particularly important.
In the related art, a compiler is generally used to compile a program source code including key values into a binary machine code, so as to embed the key values in the source code into the binary machine code generated by the compilation.
However, when the key value embedding scheme is adopted for burning the key in mass production, usually only compiled program firmware can be used, and under the situation that one secret is required, a worker needs to use the program source code to compile in the field, and usually the worker does not have the program source code and the risk exists in recompiling the program source code, so that the key value embedding scheme is inconvenient for mass production and unsafe to use.
In view of the above technical problem, an embodiment of the present disclosure provides a key burning method, which may obtain a first machine code embedded with a preset key value; analyzing the first machine code to obtain a plurality of data transmission instructions, wherein each data transmission instruction in the N data transmission instructions comprises at least part of preset key values in the preset key values; replacing a preset key value in each data transmission instruction in the plurality of data transmission instructions with a key value at a corresponding position in a target key value to obtain a second machine code; burning the second machine code to an executable only memory.
According to the technical scheme provided by the embodiment of the disclosure, on the premise of not compiling a program source code, the embedded preset key value in the binary machine code can be directly replaced by the target key value of different equipment, that is, the requirement of one machine and one secret is met by directly modifying the binary data of only executable memory firmware, so that the leakage risk of the program source code is reduced, and the safety of key burning is improved.
Fig. 1 shows a flow diagram of a key burning method according to an embodiment of the present disclosure. As shown in fig. 1, the key burning method includes the following steps S101 to S104:
in step S101, a first machine code in which a preset key value is embedded is acquired.
In step S102, the first machine code is parsed to obtain a plurality of data transmission instructions.
Wherein each of the plurality of data transfer instructions includes at least some of the predetermined key values.
In step S103, the at least part of the preset key values in each of the plurality of data transfer instructions are replaced with the key values at the corresponding positions in the target key values, so as to obtain a second machine code.
In step S104, the second machine code is burned into the executable only memory.
In an embodiment of the present disclosure, the key burning method may be applied to a computer, a computing device, an electronic device, and the like, which burn or store a key.
In an embodiment of the present disclosure, the first machine code may be understood as a piece of machine code directly written by a developer and stored in a computer, or a piece of machine code generated by a compiler for a program source code. The method is determined according to actual use conditions, and the embodiment of the disclosure does not limit the method.
In an embodiment of the present disclosure, the first machine code may be understood as being composed of a plurality of machine codes. Wherein the plurality of machine codes may include a machine code in which a data transfer instruction of at least a part of a preset key value is embedded, and may further include a machine code for serving as a positioning mark. For the structure of the first machine code, the following detailed description of the second machine code may be referred to, and the details of the embodiments of the disclosure are not repeated herein.
In an embodiment of the present disclosure, the preset key value may be set by a technician in a customized manner when writing program code.
In an embodiment of the present disclosure, at least a portion of the preset key values may be completely included in each of the plurality of data transfer instructions in the form of an immediate number. Of course, at least some of the preset key values may also exist in other forms in the data transmission instruction, which is not limited by the embodiment of the present disclosure.
In one embodiment of the present disclosure, the instruction type of the data transfer instructions may be different according to the processor architecture used. For example, for an ARMv8-M architecture processor (such as an ARM Cortex-M23 series processor), the data transfer instruction may be an MOV (move) or MOVT instruction.
For example, for an ARMv8-M processor, the data transfer instruction is an MOV (move) instruction, which is structured as shown in FIG. 2, wherein imm8 is an immediate of 8-bit binary data, i.e., a predetermined key value.
In an embodiment of the present disclosure, burning the second machine code into the executable-only memory may be understood as burning the second machine code into the executable-only memory of the processor chip by means of the burner.
In one embodiment of the present disclosure, the execution Only Memory (XOM) is a secure ROM area for storing instructions of the binary machine code, where the Memory address of the instructions is prohibited from any data access by the system bus and can Only be executed by the processor. The user can use the program instructions stored in the standard program memory to perform the actions of calling functions (APIs) to execute the binary program code stored in the XOM area, but cannot know the content of the binary program code through any way, i.e., the XOM prevents leakage by making the program code unreadable. Thus, after the second machine code is burned into the executable memory, the secure storage of the target key value can be ensured.
In an embodiment of the present disclosure, the first machine code includes a first positioning mark and a second positioning mark, the first positioning mark is used to indicate a first data transmission instruction including a preset key value in the first machine code, and the second positioning mark is used to indicate an end position of a last data transmission instruction including a preset key value in the first machine code.
In one embodiment of the present disclosure, the first positioning mark and the second positioning mark may be understood as one or more useless instructions, and the execution of the useless instructions does not cause any side effect.
In this embodiment, because the first positioning mark and the second positioning mark exist in the first machine code, the data transmission instruction containing the preset key value can be queried more quickly, so that the key value can be modified in mass production, and one secret is realized.
In an embodiment of the present disclosure, the first machine code and the second machine code may be understood as a piece of function code, and both the first machine code and the second machine code may be binary machine codes.
In an embodiment of the present disclosure, when the first machine code includes the first positioning mark and the second positioning mark, the step S102, namely, analyzing the first machine code to obtain a plurality of data transmission instructions, may specifically include the following steps:
acquiring a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code;
analyzing a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code one by one to obtain a plurality of data analysis instructions;
and determining the data analysis instructions which comprise at least part of preset key values in the data analysis instructions as the data transmission instructions.
In an embodiment of the present disclosure, each of the plurality of data parsing instructions may be understood as a data instruction obtained by parsing a binary machine code.
In an embodiment of the present disclosure, in a possible case, a part of the data parsing instructions includes at least part of the preset key values, and another part of the data parsing instructions does not include at least part of the preset key values; in another possible case, each of the plurality of data parsing instructions includes at least a portion of the preset key value.
In an embodiment of the present disclosure, the first machine code may include a plurality of machine codes, and after the plurality of machine codes located between the first positioning mark and the second positioning mark are obtained from the first machine code, the plurality of machine codes located between the first positioning mark and the second positioning mark may be analyzed one by one to obtain a data analysis instruction corresponding to each of the plurality of machine codes, that is, the plurality of data analysis instructions. Excluding a data parsing instruction not including a key value and a data parsing instruction including a key value different from the preset key value from the plurality of data parsing instructions, so that data parsing instructions each including at least a part of the preset key value among the plurality of data parsing instructions can be determined as the plurality of data transfer instructions.
The embodiment of the disclosure provides a key burning method, which can directly replace an embedded preset key value in a binary machine code with a target key value of different equipment on the premise of not compiling a program source code, i.e., ensure that the requirement of one secret for one machine is met by directly modifying binary data of only executable memory firmware, thereby reducing the leakage risk of the program source code and improving the security of key burning.
In an embodiment of the present disclosure, after the step S104 of burning the second machine code into the executable-only memory, the method may further include the steps of:
executing the second machine code in the executable-only memory to obtain the target key value and writing the target key value to a buffer.
In one embodiment of the present disclosure, executing the second machine code in the executable-only memory begins executing function code. When executing the second machine code, the incoming parameters may include a starting location address of the buffer and a size of the buffer.
In an embodiment of the present disclosure, the buffer may be used to store the target key value.
In an embodiment of the present disclosure, before the step of writing the target key value into the buffer, the key burning method provided in the embodiment of the present disclosure may further include: a buffer is set in the memory. Wherein the size of the buffer may be greater than or equal to the length of the target key value.
Further, the step of writing the target key value into the buffer may be specifically implemented by the following steps:
acquiring a first parameter and a second parameter, wherein the first parameter is used for indicating the initial position address of the buffer area, and the second parameter is used for indicating the size of the buffer area;
and correspondingly writing the target key value into the buffer area according to the first parameter and the second parameter.
In this embodiment, after a buffer is set in the memory in advance, since the first parameter and the second parameter can be obtained during the execution of the second machine code, the target key value can be correspondingly written into the preset buffer according to the first parameter and the second parameter, thereby preventing the target key value from being exposed in other memory address spaces.
In an embodiment of the present disclosure, after the step of writing the target key value into the buffer, the key burning method provided in the embodiment of the present disclosure may further include: emptying all data in the buffer. Therefore, the time for storing the key value in the memory can be reduced as much as possible, and the leakage of the key value is prevented to ensure the safety of the key value.
In this embodiment, the target key value can be acquired only by the processor executing the second machine code in the executable-only memory, thereby preventing leakage of the target key value.
In an embodiment of the present disclosure, the second machine code includes a third positioning mark and a fourth positioning mark, the third positioning mark is used to indicate a start position of a first data transfer instruction including a target key value in the second machine code, and the fourth positioning mark is used to indicate an end position of a last data transfer instruction including the target key value in the second machine code.
In an embodiment of the present disclosure, the first positioning mark, the second positioning mark, the third positioning mark, and the fourth positioning mark are useless instructions that do not cause any side effect, respectively. That is, the first positioning mark, the second positioning mark, the third positioning mark, and the fourth positioning mark may be understood as one or more useless instructions that are executed without any side effect. In this way, the third positioning mark and the fourth positioning mark do not have any influence on obtaining the target key value during the execution of the second machine code.
In addition, the third positioning mark and the first positioning mark may be the same or different, and the fourth positioning mark and the second positioning mark may be the same or different, which is determined according to actual use conditions, and this is not limited in this embodiment of the disclosure.
In this embodiment, since the third positioning mark and the fourth positioning mark exist in the second machine code, all the machine codes in which partial target key values are embedded can be found from the second machine code more quickly through the third positioning mark and the fourth positioning mark to obtain complete target key values, thereby improving efficiency.
In an embodiment of the present disclosure, the second machine code includes a third positioning mark and a fourth positioning mark; the step of executing the second machine code in the executable-only memory to obtain the target key value and writing the target key value into the buffer may specifically include the following steps:
acquiring a plurality of target machine codes positioned between the third positioning mark and the fourth positioning mark in the second machine code;
sequentially executing each target machine code in the plurality of target machine codes to obtain a part of target key values in the data transmission instruction of each target machine code;
and sequentially writing part of target key values in the data transmission instruction of each target machine code into the buffer area.
In an embodiment of the present disclosure, each of the plurality of target machine codes is executed in sequence to obtain a partial target key value in the data transfer instruction of each of the target machine codes, that is, each time one target machine code is executed, a partial target key value included in the data transfer instruction of the one target machine code is obtained, and the target key value is written into a buffer, and this is executed in a loop manner to write a complete target key value into the buffer.
In this embodiment, because the third positioning mark and the fourth positioning mark exist in the second machine code, all the multiple target machine codes in which partial target key values are embedded can be found from the second machine code more quickly through the third positioning mark and the fourth positioning mark, and then each target machine code is executed in sequence to obtain a complete target key value and write the complete target key value into the buffer, thereby improving efficiency and ensuring security of writing the target key value into the buffer.
In an embodiment of the present disclosure, the second machine code may be understood as being composed of a plurality of target machine codes. Wherein, the target machine codes may include: machine code for machine code as a location marker, data transfer instructions including at least a portion of the target key value.
In an embodiment of the present disclosure, the second machine code further includes a plurality of call instruction machine codes, one call instruction machine code corresponds to one target machine code of the plurality of target machine codes, and each call instruction machine code is a machine code of a call instruction for calling one target machine code. Therefore, the address validity of the calling instruction can be judged according to the calling instruction machine code.
In an embodiment of the present disclosure, in a case that the second machine code further includes a plurality of call instruction machine codes, before the step of sequentially executing each target machine code of the plurality of target machine codes to obtain a partial target key value in a data transfer instruction of each target machine code, the method may further include the following steps:
executing the ith calling instruction machine code in the calling instruction machine codes to judge the address validity of the calling instruction;
the step of sequentially executing each target machine code of the plurality of target machine codes to obtain a part of target key values in the data transfer instruction of each target machine code may specifically include the following steps:
and under the condition that the address of the calling instruction is determined to be legal, executing an ith entry marker code in the target machine codes corresponding to the ith calling instruction machine code to acquire a target key value in a data transmission instruction of the ith target machine code.
Illustratively, the composition structure of the second machine code embedded with the target key value is as follows:
machine code for one or more garbage instructions, i.e. as a third positioning mark (A1);
checking whether the address of the calling instruction is legal machine code;
machine code of a first data transfer instruction having embedded therein part 1 of a target key value (B1)
Checking whether the address of the calling instruction is legal machine code;
machine code (B2) of a second data transfer instruction having embedded therein part 2 of the target key value;
checking whether the address of the calling instruction is legal machine code;
machine code (Bn) of a last data transfer instruction embedded with a last portion of the target key value;
machine code for one or more non-useful instructions, i.e. as a fourth positioning mark (A2)
The machine code of the instruction is returned.
The step of executing the second machine code embedded with the target key value is specifically as follows:
(1) Start execution of the second machine code (i.e., function code), with incoming parameters: the starting position address of the buffer area and the size of the buffer area.
(2) One or more of the garbage instructions A1 are executed without any side effects.
(3) And checking whether the calling party address is legal or not, namely judging whether the instruction address for calling the second machine code is legal or not. If the code is legal, continuing to execute the following step (4); and if not, jumping to the step (8).
(4) The machine code B1 of the first data transfer instruction embedded with part 1 of the target key value is executed. After B1 is performed, part 1 of the target key value is retrieved and part 1 of the target key value is written to the buffer.
(5) Checking whether the caller address is legal. If the code is legal, continuing to execute the following step (6); if not, jumping to step (8). The operation executed in step (5) is the same as that in step (3), and the judgment of multiple times and repetition is to avoid that illegal codes jump to the middle part of the function codes and start execution, so that the check of the starting position is skipped.
(6) Repeating the steps (4) and (5) to obtain the 2 nd part, the 3 rd part and the last part of the target key value in sequence, and writing the 2 nd part, the 3 rd part and the last part of the target key value into the buffer respectively.
(7) One or more of the garbage instructions B2 are executed without any side effects.
(8) And the second machine code completes execution, and the return value is the length of the key value.
In this embodiment, before each target machine code in the plurality of target machine codes is sequentially executed to obtain a part of the target key value in the data transfer instruction of each target machine code, the call instruction machine code may be executed to judge the address validity of the call instruction, and in the case that the address of the call instruction is determined to be valid, the target machine code corresponding to the call instruction machine code is executed to obtain the target key value in the data transfer instruction of the target machine code, so that by repeatedly judging the address validity of the call instruction, it is possible to prevent an illegal code from skipping the check of the start position and directly jumping to the middle part of the second machine code to start execution, that is, prevent the illegal code from calling the second machine code.
In an embodiment of the present disclosure, after the step of executing the second machine code in the executable-only memory to obtain the target key value, the method may further include the steps of:
executing target operation according to the target key value;
wherein the performing a target operation comprises at least one of: distributed keys, encrypted data, decrypted data.
It should be noted that, the content included in the execution target operation in the foregoing embodiment is only an exemplary description, and of course, other possible operations may also be included, and the embodiment of the present disclosure does not limit this.
In this embodiment, if the key is distributed according to the target key value, the key can be prevented from being decrypted, and the security of key storage can be improved; if the data is encrypted according to the target key value, the security of data transmission can be improved, an attacker is prevented from decrypting the ciphertext, and the purpose of protecting the data from being illegally stolen and read is achieved; if the data is decrypted according to the target key value, the safety authentication can be completed, the ciphertext is changed into the plaintext, the authenticated user can conveniently acquire the data, the information can be only read by a readable receiver, and the privatization information is prevented from being intercepted and stolen in the network.
Fig. 3 shows a block diagram of a key burning apparatus according to an embodiment of the present disclosure. The apparatus may be implemented as part or all of an electronic device through software, hardware, or a combination of both.
As shown in fig. 3, the key burning apparatus 200 includes a first obtaining module 201, a second obtaining module 202, a replacing module 203, and a first processing module 204.
The first obtaining module 201 is configured to obtain a first machine code embedded with a preset key value;
the second obtaining module 202 is configured to analyze the first machine code to obtain a plurality of data transmission instructions, where each data transmission instruction in the plurality of data transmission instructions includes at least part of the preset key values;
the replacing module 203 is configured to replace the at least part of the preset key values in each data transmission instruction in the plurality of data transmission instructions with key values at corresponding positions in target key values to obtain a second machine code;
the first processing module 204 is configured to burn the second machine code into the executable-only memory.
In an implementation manner of the embodiment of the present disclosure, the first machine code includes a first positioning mark and a second positioning mark, where the first positioning mark is used to indicate a first data transmission instruction including a preset key value in the first machine code, and the second positioning mark is used to indicate an end position of a last data transmission instruction including the preset key value in the first machine code.
In an implementation manner of the embodiment of the present disclosure, the second obtaining module 202 is configured to:
acquiring a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code;
analyzing a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code one by one to obtain a plurality of data analysis instructions;
and determining the data analysis instructions which comprise at least part of preset key values in the data analysis instructions as the data transmission instructions.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus 200 further includes:
a first execution module configured to execute the second machine code in the executable-only memory to obtain the target key value;
a second processing module configured to write the target key value to a buffer.
In an implementation manner of the embodiment of the present disclosure, the second machine code includes a third positioning mark and a fourth positioning mark, where the third positioning mark is used to indicate a start position of a first data transfer instruction including a target key value in the second machine code, and the fourth positioning mark is used to indicate an end position of a last data transfer instruction including the target key value in the second machine code.
In one implementation of the embodiment of the present disclosure, the first positioning mark, the second positioning mark, the third positioning mark, and the fourth positioning mark are respectively useless instructions that do not generate any side effect.
In one implementation manner of the embodiment of the present disclosure, the second machine code includes a third positioning mark and a fourth positioning mark; the first execution module configured to:
acquiring a plurality of target machine codes positioned between the third positioning mark and the fourth positioning mark in the second machine code;
sequentially executing each target machine code in the plurality of target machine codes to obtain a target key value in a data transmission instruction of each target machine code;
the second processing module configured to: and sequentially writing the target key value in the data transmission instruction of each target machine code into the buffer area.
In an implementation manner of the embodiment of the present disclosure, the second machine code further includes multiple call instruction machine codes, one call instruction machine code corresponds to one target machine code of the multiple target machine codes, and each call instruction machine code is a machine code of a call instruction for calling one target machine code.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus 200 further includes:
the second execution module is configured to execute the ith calling instruction machine code in the calling instruction machine codes so as to judge the address validity of the calling instruction;
the first execution module configured to: and under the condition that the address of the calling instruction is determined to be legal, executing an ith item machine code in the target machine codes corresponding to the ith calling instruction machine code to acquire a target key value in a data transmission instruction of the ith item target machine code.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus 200 further includes:
a third processing module configured to set the buffer in a memory, a size of the buffer being greater than or equal to a length of the target key value;
the second processing module is specifically configured to: acquiring a first parameter and a second parameter, wherein the first parameter is used for indicating the initial position address of the buffer area, and the second parameter is used for indicating the size of the buffer area;
and correspondingly writing the target key value into the buffer area according to the first parameter and the second parameter.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus 200 further includes:
a fourth processing module configured to empty all data in the buffer.
In an implementation manner of the embodiment of the present disclosure, the key burning apparatus 200 further includes:
a third execution module configured to execute a target operation according to the target key value;
wherein the performing a target operation comprises at least one of: distributed keys, encrypted data, decrypted data.
The embodiment of the disclosure provides a key burning device, which can directly replace an embedded preset key value in a binary machine code with a target key value of different equipment on the premise of not compiling a program source code, i.e., the requirement of one secret for one machine is met by directly modifying binary data of only executable memory firmware, so that the risk of leakage of the program source code is reduced, and the security of key burning is improved.
The present disclosure also discloses an electronic device, and fig. 4 shows a block diagram of the electronic device according to an embodiment of the present disclosure.
As shown in fig. 4, the electronic device includes a memory and a processor, where the memory is to store one or more computer instructions, where the one or more computer instructions are executed by the processor to implement a method according to an embodiment of the disclosure.
FIG. 5 shows a schematic block diagram of a computer system suitable for use in implementing a method according to an embodiment of the present disclosure.
As shown in fig. 5, the computer system includes a processing unit that can execute the various methods in the above-described embodiments according to a program stored in a Read Only Memory (ROM) or a program loaded from a storage section into a Random Access Memory (RAM). In the RAM, various programs and data necessary for the operation of the computer system are also stored. The processing unit, the ROM, and the RAM are connected to each other by a bus. An input/output (I/O) interface is also connected to the bus.
The following components are connected to the I/O interface: an input section including a keyboard, a mouse, and the like; an output section including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section including a hard disk and the like; and a communication section including a network interface card such as a LAN card, a modem, or the like. The communication section performs a communication process via a network such as the internet. The drive is also connected to the I/O interface as needed. A removable medium such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive as needed, so that the computer program read out therefrom is mounted into the storage section as needed. The processing unit can be realized as a CPU, a GPU, a TPU, an FPGA, an NPU and other processing units.
In particular, the methods described above may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the above-described method. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section, and/or installed from a removable medium.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present disclosure may be implemented by software or by programmable hardware. The units or modules described may also be provided in a processor, and the names of the units or modules do not in some cases constitute a limitation of the units or modules themselves.
As another aspect, the present disclosure also provides a computer-readable storage medium, which may be a computer-readable storage medium included in the electronic device or the computer system in the above embodiments; or it may be a separate computer readable storage medium not incorporated into the device. The computer readable storage medium stores one or more programs for use by one or more processors in performing the methods described in the present disclosure.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is possible without departing from the inventive concept. For example, the above features and (but not limited to) the features disclosed in this disclosure having similar functions are replaced with each other to form the technical solution.

Claims (22)

1. A method for burning a secret key, the method comprising:
acquiring a first machine code embedded with a preset key value; the first machine code comprises a first positioning mark and a second positioning mark;
acquiring a plurality of machine codes located between the first positioning mark and the second positioning mark in the first machine code, wherein the first positioning mark is used for indicating a first data transmission instruction including a preset key value in the first machine code, and the second positioning mark is used for indicating an end position of a last data transmission instruction including the preset key value in the first machine code;
analyzing a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code one by one to obtain a plurality of data analysis instructions;
determining the data analysis instructions which comprise at least part of preset key values in the data analysis instructions as the data transmission instructions;
replacing at least part of preset key values in each data transmission instruction in the plurality of data transmission instructions with key values at corresponding positions in target key values to obtain a second machine code;
burning the second machine code to an executable only memory.
2. The method of claim 1, wherein after burning the second machine code to the executable-only memory, the method further comprises:
executing the second machine code in the executable-only memory to obtain the target key value, and writing the target key value to a buffer.
3. A method as defined in claim 1, wherein the second machine code includes a third positioning tag and a fourth positioning tag, the third positioning tag being for indicating a start position of a first data transfer instruction in the second machine code that includes the target key value, and the fourth positioning tag being for indicating an end position of a last data transfer instruction in the second machine code that includes the target key value.
4. The method of claim 3, wherein the first positioning mark, the second positioning mark, the third positioning mark, and the fourth positioning mark are useless instructions that do not cause any side effects, respectively.
5. The method of claim 2, wherein the second machine code includes a third positioning mark and a fourth positioning mark;
said executing said second machine code in said executable-only memory to obtain said target key value and writing said target key value to a buffer, comprising:
acquiring a plurality of target machine codes positioned between the third positioning mark and the fourth positioning mark in the second machine code;
sequentially executing each target machine code in the plurality of target machine codes to obtain a target key value in a data transmission instruction of each target machine code;
and sequentially writing the target key value in the data transmission instruction of each target machine code into the buffer area.
6. The method of claim 5, wherein the second machine code further comprises a plurality of call instruction machine codes, a call instruction machine code corresponding to a target machine code of the plurality of target machine codes, each call instruction machine code being a machine code of a call instruction for calling a target machine code.
7. The method of claim 6, wherein prior to said executing each of said plurality of target machine codes in turn to obtain a portion of the target key value in the data transfer instruction of each of said target machine codes, said method further comprises:
executing the ith calling instruction machine code in the calling instruction machine codes to judge the address validity of the calling instruction;
the sequentially executing each target machine code of the plurality of target machine codes to obtain a part of target key values in a data transmission instruction of each target machine code includes:
and under the condition that the address of the calling instruction is determined to be legal, executing an ith item machine code in the target machine codes corresponding to the ith calling instruction machine code to acquire a target key value in a data transmission instruction of the ith item target machine code.
8. The method of claim 2, wherein prior to writing the target key value to a buffer, the method further comprises:
setting the buffer area in a memory, wherein the size of the buffer area is larger than or equal to the length of the target key value;
the writing the target key value to a buffer includes:
acquiring a first parameter and a second parameter, wherein the first parameter is used for indicating the initial position address of the buffer area, and the second parameter is used for indicating the size of the buffer area;
and correspondingly writing the target key value into the buffer area according to the first parameter and the second parameter.
9. The method of claim 2 or 8, wherein after writing the target key value to a buffer, the method further comprises:
emptying all data in the buffer.
10. The method of claim 2, wherein after the executing the second machine code in the executable-only memory to obtain the target key value, the method further comprises:
executing target operation according to the target key value;
wherein the performing a target operation comprises at least one of: distributed keys, encrypted data, decrypted data.
11. A key burning apparatus, comprising:
a first obtaining module configured to obtain a first machine code embedded with a preset key value; the first machine code comprises a first positioning mark and a second positioning mark;
a second obtaining module, configured to obtain a plurality of machine codes located between the first positioning mark and the second positioning mark in the first machine code, where the first positioning mark is used to indicate a first data transfer instruction including a preset key value in the first machine code, and the second positioning mark is used to indicate an end position of a last data transfer instruction including a preset key value in the first machine code;
analyzing a plurality of machine codes positioned between the first positioning mark and the second positioning mark in the first machine code one by one to obtain a plurality of data analysis instructions;
determining the data analysis instructions which comprise at least part of preset key values in the data analysis instructions as the data transmission instructions;
a replacing module configured to replace the at least part of the preset key values in each of the plurality of data transfer instructions with key values at corresponding positions in target key values to obtain a second machine code;
a first processing module configured to burn the second machine code to an executable-only memory.
12. The apparatus of claim 11, wherein the key burning apparatus further comprises:
a first execution module configured to execute the second machine code in the executable-only memory to obtain the target key value;
a second processing module configured to write the target key value to a buffer.
13. An apparatus as defined in claim 11, wherein the second machine code includes a third alignment mark for indicating a start position of a first data transfer instruction including the destination key value in the second machine code, and a fourth alignment mark for indicating an end position of a last data transfer instruction including the destination key value in the second machine code.
14. The apparatus of claim 13, wherein the first positioning mark, the second positioning mark, the third positioning mark, and the fourth positioning mark are useless instructions that do not cause any side effects, respectively.
15. The apparatus of claim 12, wherein the second machine code comprises a third positioning indicia and a fourth positioning indicia; the first execution module configured to:
acquiring a plurality of target machine codes positioned between the third positioning mark and the fourth positioning mark in the second machine code;
sequentially executing each target machine code in the plurality of target machine codes to obtain a target key value in a data transmission instruction of each target machine code;
the second processing module configured to: and sequentially writing the target key value in the data transmission instruction of each target machine code into the buffer area.
16. The apparatus of claim 15, wherein the second machine code further comprises a plurality of call instruction machine codes, a call instruction machine code corresponding to a target machine code of the plurality of target machine codes, each call instruction machine code being a machine code of a call instruction for calling a target machine code.
17. The apparatus of claim 16, wherein the key burning apparatus further comprises:
the second execution module is configured to execute the ith calling instruction machine code in the calling instruction machine codes so as to judge the address validity of the calling instruction;
the first execution module configured to: and under the condition that the address of the calling instruction is determined to be legal, executing an ith item machine code in the target machine codes corresponding to the ith calling instruction machine code to acquire a target key value in a data transmission instruction of the ith item target machine code.
18. The apparatus of claim 12, wherein the key burning apparatus further comprises:
a third processing module configured to set the buffer in a memory, a size of the buffer being greater than or equal to a length of the target key value;
the second processing module is specifically configured to: acquiring a first parameter and a second parameter, wherein the first parameter is used for indicating the initial position address of the buffer area, and the second parameter is used for indicating the size of the buffer area;
and correspondingly writing the target key value into the buffer area according to the first parameter and the second parameter.
19. The apparatus as claimed in claim 12 or 18, wherein the key burning apparatus further comprises:
a fourth processing module configured to empty all data in the buffer.
20. The apparatus of claim 12, wherein the key burning apparatus further comprises:
a third execution module configured to execute a target operation according to the target key value;
wherein the performing the target operation comprises at least one of: distributed keys, encrypted data, decrypted data.
21. An electronic device comprising a memory and a processor; wherein the memory is to store one or more computer instructions, wherein the one or more computer instructions are to be executed by the processor to implement the method steps of any one of claims 1 to 10.
22. A computer-readable storage medium, on which computer instructions are stored, characterized in that the computer instructions, when executed by a processor, implement the method steps of any of claims 1 to 10.
CN202211421455.1A 2022-11-15 2022-11-15 Secret key burning method and device, electronic equipment and readable storage medium Active CN115632776B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211421455.1A CN115632776B (en) 2022-11-15 2022-11-15 Secret key burning method and device, electronic equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211421455.1A CN115632776B (en) 2022-11-15 2022-11-15 Secret key burning method and device, electronic equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN115632776A CN115632776A (en) 2023-01-20
CN115632776B true CN115632776B (en) 2023-03-17

Family

ID=84910951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211421455.1A Active CN115632776B (en) 2022-11-15 2022-11-15 Secret key burning method and device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN115632776B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112612486A (en) * 2020-12-28 2021-04-06 湖北芯擎科技有限公司 Memory burning method and device and chip to be burned

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103399761B (en) * 2013-07-22 2016-11-23 珠海全志科技股份有限公司 Firmware burning method and device thereof
US20170214701A1 (en) * 2016-01-24 2017-07-27 Syed Kamran Hasan Computer security based on artificial intelligence
CN112866412B (en) * 2020-08-31 2023-06-30 支付宝(杭州)信息技术有限公司 Method for deploying intelligent contracts, blockchain node and storage medium

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112612486A (en) * 2020-12-28 2021-04-06 湖北芯擎科技有限公司 Memory burning method and device and chip to be burned

Also Published As

Publication number Publication date
CN115632776A (en) 2023-01-20

Similar Documents

Publication Publication Date Title
KR101471589B1 (en) Method for Providing Security for Common Intermediate Language Program
CN110110522B (en) Kernel repairing method and device
US7254586B2 (en) Secure and opaque type library providing secure data protection of variables
US10409966B2 (en) Optimizing and protecting software
US7366914B2 (en) Source code transformation based on program operators
KR101503785B1 (en) Method And Apparatus For Protecting Dynamic Library
EP2854070A1 (en) Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package
CN104680039B (en) A kind of data guard method and device of application program installation kit
US8918654B2 (en) Information processing device, program verification method, and recording medium
JP7154365B2 (en) Methods for securing software code
US20040115860A1 (en) Method to manufacture a phase change memory
KR101216995B1 (en) A code encryption and decryption device against reverse engineering based on indexed table and the method thereof
WO2019075493A1 (en) On device structure layout randomization for binary code to enhance security through increased entropy
CN104866739A (en) Application program encryption method and application program encryption system in Android system
CN112231702B (en) Application protection method, device, equipment and medium
CN110502874B (en) Android App reinforcement method based on file self-modification
CN110245464B (en) Method and device for protecting file
CN110472425A (en) Unity plug-in unit encryption method based on Mono, storage medium
CN115632776B (en) Secret key burning method and device, electronic equipment and readable storage medium
CN104965701A (en) Method and device for acquiring application information
EP2075728A1 (en) A method and an apparatus for code protection
CN116541847A (en) Security detection method and device for application program
CN110535642A (en) A kind of method, intelligent terminal and the storage medium of dispersion storage key
CN110147655A (en) The security protection system and method for application program
CN109344577A (en) A kind of method for carrying out software protection using self-modifying technology under ART

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant